Skip to content

Instantly share code, notes, and snippets.

@rdev5
Created August 21, 2017 17:16
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save rdev5/70094bd186be41a09e809bcff38f2839 to your computer and use it in GitHub Desktop.
# Shibboleth IdP AES Secret Key Rotator (DataSealer) by Matt Borja
# Reference: https://wiki.shibboleth.net/confluence/display/IDP30/SecretKeyManagement
# Caution: Target $nodes should be placed in maintenance mode before committing to minimize service disruption.
param(
[String]$idp_home = "C:/Program Files (x86)/Shibboleth/IdP",
[String]$alias = "secret",
[String[]]$nodes = ("shib-node02.example.com", "shib-node03.example.com"),
)
function BuildNodeIdPPath([string]$node, [string]$local_path) {
return (Resolve-Path -Path $local_path).ToString().Replace("C:\", [string]::Format("\\{0}\c$\", $node))
}
function GetIdPConfiguration([string]$config, [string]$idp_home, [string]$name) {
$idp_properties = (Resolve-Path -Path "$idp_home/conf/idp.properties")
$pattern = [string]::format("^{0}\s*=\s*(.+)$", [Regex]::Escape($name))
$result = (Get-Content $idp_properties | Select-String -Pattern $pattern)
if ($result.Matches.Count -eq 0) {
Write-Host "[WARN] No value found for $name ($pattern)"
return $null
}
$value = $result.Matches.Groups[1].Value
return $value.Replace("%{idp.home}", $idp_home)
}
$keygen_bin = (Resolve-Path -Path "$idp_home/bin/seckeygen.bat")
$sealer_path = (Resolve-Path -Path "$idp_home/credentials")
# Load from configuration file
$storepass = (GetIdPConfiguration -idp_home $idp_home -name "idp.sealer.storePassword")
$storefile = (Resolve-Path -Path (GetIdPConfiguration -idp_home $idp_home -name "idp.sealer.storeResource"))
$versionfile = (Resolve-Path -Path (GetIdPConfiguration -idp_home $idp_home -name "idp.sealer.versionResource"))
& $keygen_bin --storefile $storefile --storepass $storepass --versionfile $versionfile --alias $alias
# Replicate
ForEach ($node in $nodes) {
Write-Host "Replicating to $node..."
$dest = (BuildNodeIdPPath -node $node -local_path $sealer_path)
Copy-Item $sealer_path\sealer.* $dest
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment